cxxmcp/api/token_8hpp_source.html

// Copyright (c) 2025 [caomengxuan666]


#pragma once


#include <optional>

#include <string>

#include <utility>

#include <vector>


#include "cxxmcp/auth/constant_time.hpp"

#include "cxxmcp/auth/types.hpp"

#include "cxxmcp/core/result.hpp"


namespace mcp::auth {


struct TokenSet {

  std::string access_token;

  std::string token_type = "Bearer";

  std::optional<std::string> refresh_token;

  std::optional<TimePoint> expires_at;

  ScopeList scopes;

  MetadataMap metadata;


  bool expired(TimePoint now = SystemClock::now()) const {

    return expires_at.has_value() && *expires_at <= now;

  }


};


struct TokenRefreshResult {

  TokenSet token_set;

  bool refresh_token_rotated = false;

};


struct TokenKey {

  std::string resource;

  std::string issuer;

  std::string client_id;

  MetadataMap attributes;

};


class TokenStore {

 public:

  virtual ~TokenStore() = default;


  virtual core::Result<std::optional<TokenSet>> load(const TokenKey& key) = 0;

  virtual core::Result<core::Unit> save(const TokenKey& key,

                                        TokenSet tokens) = 0;

  virtual core::Result<core::Unit> remove(const TokenKey& key) = 0;

};


class InMemoryTokenStore final : public TokenStore {

 public:

  core::Result<std::optional<TokenSet>> load(const TokenKey& key) override {

    const auto iter = find_entry(key);

    if (iter == entries_.end()) {

      return std::optional<TokenSet>{};

    }

    return iter->second;

  }


  core::Result<core::Unit> save(const TokenKey& key, TokenSet tokens) override {

    auto iter = find_entry(key);

    if (iter == entries_.end()) {

      entries_.emplace_back(key, std::move(tokens));

    } else {

      iter->second = std::move(tokens);

    }

    return core::Unit{};

  }


  core::Result<core::Unit> remove(const TokenKey& key) override {

    auto iter = find_entry(key);

    if (iter != entries_.end()) {

      entries_.erase(iter);

    }

    return core::Unit{};

  }


 private:

  using Entry = std::pair<TokenKey, TokenSet>;


  static bool matches(const MetadataMap& lhs, const MetadataMap& rhs) {

    if (lhs.size() != rhs.size()) {

      return false;

    }

    bool equal = true;

    auto lhs_iter = lhs.begin();

    auto rhs_iter = rhs.begin();

    for (; lhs_iter != lhs.end(); ++lhs_iter, ++rhs_iter) {

      equal = constant_time_string_equal(lhs_iter->first, rhs_iter->first) &

              constant_time_string_equal(lhs_iter->second, rhs_iter->second) &

              equal;

    }

    return equal;

  }


  static bool matches(const TokenKey& lhs, const TokenKey& rhs) {

    return constant_time_string_equal(lhs.resource, rhs.resource) &

           constant_time_string_equal(lhs.issuer, rhs.issuer) &

           constant_time_string_equal(lhs.client_id, rhs.client_id) &

           matches(lhs.attributes, rhs.attributes);

  }


  std::vector<Entry>::iterator find_entry(const TokenKey& key) {

    for (auto iter = entries_.begin(); iter != entries_.end(); ++iter) {

      if (matches(iter->first, key)) {

        return iter;

      }

    }

    return entries_.end();

  }


  std::vector<Entry>::const_iterator find_entry(const TokenKey& key) const {

    for (auto iter = entries_.begin(); iter != entries_.end(); ++iter) {

      if (matches(iter->first, key)) {

        return iter;

      }

    }

    return entries_.end();

  }


  std::vector<Entry> entries_;

};


}  // namespace mcp::auth

types.hpp
Shared lightweight value types for cxxmcp auth contracts.

mcp::auth::InMemoryTokenStore
Minimal non-persistent token store useful for tests and simple apps.
Definition token.hpp:68

mcp::auth::TokenStore
Application-provided OAuth token persistence boundary.
Definition token.hpp:53

constant_time.hpp
Constant-time comparison helpers for auth secrets and lookup keys.

mcp::auth::constant_time_string_equal
bool constant_time_string_equal(std::string_view lhs, std::string_view rhs) noexcept
Compare two strings without data-dependent early exit.
Definition constant_time.hpp:17

result.hpp
Shared result and error primitives used by the public cxxmcp SDK.

mcp::core::Unit
std::monostate Unit
Success value for operations that only need to report failure.
Definition result.hpp:55

mcp::core::Result
tl::expected< T, Error > Result
Alias for the SDK result type.
Definition result.hpp:64

mcp::auth::TokenKey
Stable key for token storage.
Definition token.hpp:45

mcp::auth::TokenRefreshResult
Token refresh result, including optional refresh-token rotation.
Definition token.hpp:36

mcp::auth::TokenSet
OAuth access and refresh token state owned by the application.
Definition token.hpp:20

mcp::auth::TokenSet::expired
bool expired(TimePoint now=SystemClock::now()) const
Returns true when an expiry timestamp exists and is not in the future.
Definition token.hpp:30